SHA256: b44bc14703f8ae11bf9c069d7fafe5fbc59a75162fb52b6cea16068064252ff7
File name: Lbw.exe
Detection ratio: 2 / 56
Analysis date: 2015-08-31 10:38:38 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Panda Trj/Genetic.gen 20150830
Symantec Trojan.Gen.SMH 20150830
Ad-Aware 20150831
AegisLab 20150831
Yandex 20150829
AhnLab-V3 20150830
Alibaba 20150831
ALYac 20150831
Antiy-AVL 20150831
Arcabit 20150831
Avast 20150831
AVG 20150831
Avira (no cloud) 20150831
AVware 20150831
Baidu-International 20150831
BitDefender 20150831
Bkav 20150831
ByteHero 20150831
CAT-QuickHeal 20150831
ClamAV 20150831
CMC 20150831
Comodo 20150831
Cyren 20150831
DrWeb 20150831
Emsisoft 20150831
ESET-NOD32 20150831
F-Prot 20150829
F-Secure 20150829
Fortinet 20150831
GData 20150831
Ikarus 20150831
Jiangmin 20150830
K7AntiVirus 20150831
K7GW 20150831
Kaspersky 20150831
Kingsoft 20150831
Malwarebytes 20150830
McAfee 20150831
McAfee-GW-Edition 20150831
Microsoft 20150831
eScan 20150831
NANO-Antivirus 20150831
nProtect 20150828
Qihoo-360 20150831
Rising 20150830
Sophos AV 20150831
SUPERAntiSpyware 20150829
Tencent 20150831
TheHacker 20150830
TrendMicro 20150831
TrendMicro-HouseCall 20150831
VBA32 20150831
VIPRE 20150831
ViRobot 20150831
Zillya 20150831
Zoner 20150831
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 1994-2014 Koertner & Muth GmbH

Publisher Körtner & Muth GmbH
Product LOCKBASE
Original name Lbw.exe
Internal name Lbw
File version 2, 8, 0, 0
Description LOCKBASE Master Keying Software
Signature verification Signed file, verified signature
Signing date 1:23 PM 7/20/2015
Signers
[+] Körtner & Muth GmbH
Status Valid
Issuer None
Valid from 1:59 AM 5/13/2013
Valid to 7:29 PM 5/12/2016
Valid usage Code Signing, 1.3.6.1.4.1.311.61.1.1
Algorithm SHA1
Thumbprint ACB2CAEA90052461D015DF96B73EB991B5947FE4
Serial number 09 CA
[+] StartCom Class 3 Primary Intermediate Object CA
Status Valid
Issuer None
Valid from 11:03 PM 10/24/2007
Valid to 11:03 PM 10/24/2017
Valid usage All
Algorithm SHA1
Thumbprint 660746026115B8DF862C4F5CF1C51508E96E33D0
Serial number 26
[+] StartCom Certification Authority
Status Valid
Issuer None
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] GlobalSign TSA for Standard - G2
Status Valid
Issuer None
Valid from 1:00 AM 2/3/2015
Valid to 1:00 AM 3/3/2026
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 19E19A63D5F96CD2C90787449F172AD395B165B6
Serial number 11 21 45 02 EB 63 15 0C A5 B1 95 23 F1 53 56 91 2F E5
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer None
Valid from 11:00 AM 4/13/2011
Valid to 1:00 PM 1/28/2028
Valid usage All
Algorithm SHA1
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign
Status Valid
Issuer None
Valid from 1:00 PM 9/1/1998
Valid to 1:00 PM 1/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm SHA1
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-02 06:59:39
Entry Point 0x000014C0
Number of sections 8
PE sections
Overlays
MD5 1b59f3876173e145e0d72da624e12115
File type data
Offset 142336
Size 7304
Entropy 7.38
PE imports
GetLastError
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCommandLineW
UnhandledExceptionFilter
MultiByteToWideChar
GetProcAddress
WideCharToMultiByte
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
GetSystemTimeAsFileTime
LocalFree
TerminateProcess
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
GetCurrentThreadId
LeaveCriticalSection
CommandLineToArgvW
MessageBoxA
strncmp
__lconv_init
malloc
fseek
realloc
_wfopen
fread
fclose
strcat
__dllonexit
_cexit
_tempnam
fprintf
_access
_fstat
fopen
_fmode
abort
_amsg_exit
_findclose
_rmdir
strtok
fwrite
_lock
_onexit
__initenv
exit
_fileno
strrchr
__setusermatherr
_strdup
_acmdln
_unlock
free
vfprintf
__getmainargs
calloc
strlen
memcpy
_vsnprintf
memmove
signal
strchr
_findnext
remove
_findfirst
strcpy
_mkdir
_initterm
__set_app_type
strcmp
_iob
Number of PE resources by type
RT_ICON 5
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
LegalTrademarks
LOCKBASE

SubsystemVersion
4.0

LinkerVersion
2.23

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
2.8.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
LOCKBASE Master Keying Software

CharacterSet
Unicode

InitializedDataSize
141312

EntryPoint
0x14c0

OriginalFileName
Lbw.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 1994-2014 Koertner & Muth GmbH

FileVersion
2, 8, 0, 0

TimeStamp
2015:04:02 07:59:39+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Lbw

ProductVersion
2, 8, 0, 0

UninitializedDataSize
1536

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Koertner & Muth GmbH, Hamburg, Germany

CodeSize
22528

ProductName
LOCKBASE

ProductVersionNumber
2.8.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 b509f68f96094a8ffede2e0daa196210
SHA1 9665fa9af37bfdb83976745754c3b9d961be5e9f
SHA256 b44bc14703f8ae11bf9c069d7fafe5fbc59a75162fb52b6cea16068064252ff7
ssdeep
1536:QPG3MuprzXni/WeenToIfQIONfO42444ebY5wsOOiuparU7c9R:Qe3MazieNTBfGNO42444eL+V74

authentihash 80ae291c6fa4105772d98c1f5439d9337c160775f09b6a9850c914a05f13eb23
imphash 014fd78221230ef006770588c35d6f13
File size 146.1 KB ( 149640 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.1%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-08-31 10:38:38 UTC ( 3 years, 3 months ago )
Last submission 2015-08-31 10:38:38 UTC ( 3 years, 3 months ago )
File names Lbw.exe
Lbw
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs